Appln.No.: 09/921,015 

312 Amendment dated November 6, 2007 

Response to Examiner's amendment issued October 4, 2007 

This listing of claims will replace all prior versions and listings of claims in the application 
including that of the Examiner's amendment: 

Listing of Claims: 

1. (Currently amended) A method for processing calls to a directory access server, 
comprising: 

intercepting a call from a client computer to a directory access server, the call consisting 
of one of a request to add data to a directory associated with the directory access server, a request 
to modify data in the directory, and a request to delete data from the directory, the call further 
including at least one attribute associated with data having a data content and a data structure; 

evaluating the attribute according to a first rule governing data content that is permissible 
to be forwarded to the directory access server and a second rule governing data structure that is 
permissible to be forwarded to the directory access server; 

the first and second rules including a data addition rule when the call includes a request to 
add data to the directory; 

the first and second rules including a data modification rule when the call includes a 
request to modify data in the directory; 

the first and second rules including a data deletion rule when the call includes a request 
to delete data from the directory; 

determining whether the attribute complies with the first rule and the second rule; 

forwarding the call to the directory access server if the attribute complies with the first 
rule and the second rule; and 

rejecting the call to the directory access server and forwarding an error message to a 
source of the call if the call attribute does not comply with the first rule and the second rule, 

said steps of evaluating the attribute and determining whether the attribute complies with 
the first rule and the second rule being performed by an attribute rule enforcer interposed 
between the directory access server and the client computer. 

2-13. (Cancelled). 

14. (Currently amended) An attribute rule enforcer comprising: 

a rule validator and a transaction monitor, the rule validator and transaction monitor 
being interposed between a client computer and a directory access server; 

the transaction monitor being capable of intercepting a call from a client computer to a 
directory access server, diverting the intercepted call to the rule validator if the call includes one 
of a request to add data to a directory associated with the directory access server, a request to 
modify data in the directory, and a request to delete data from the directory, and being further 
capable of forwarding the intercepted call to the directory access server if the call does not 
include one of a request to add data to the directory, a request to modify data in the directory, 
and a request to delete data from the directory; and 

the rule validator being capable of determining whether an attribute of the call complies 
with a first rule governing content of data that is permissible to be forwarded to the 
directory access server and a second rule governing structure of data that is permissible to be 
forwarded to the directory access server, the first and second rules including a data addition rule 
when the call includes a request to add data to the directory, the first and second rules including a 
data modification rule when the call includes a request to modify data in the directory, the first 
and second rules including a data deletion rule when the call includes a request to delete data 
from the directory; 

the rule validator being further capable of forwarding the call to the directory access 
server if the attribute complies with one of the first rule and the second rule and being further 
capable of rejecting the call to the directory access server and returning an error message to a 
source of the call if the attribute does not comply with the first rule and the second rule. 

15. (Cancelled). 

16. (Previously presented) The attribute rule enforcer recited in claim 14, wherein the 
rule validator is capable of forwarding the call to the transaction monitor, and the transaction 
monitor is capable of relaying the call to the directory. 

17. (Cancelled). 

18. (Previously presented). The attribute rule enforcer recited in claim 14, wherein the 
rule validator is capable of forwarding the call to the directory access server. 

19-24. (Cancelled). 

25. (Currently amended) A directory network, including: 
one or more client computers; 

a directory access server, said directory access server being capable of controlling access 
to a directory associated with the directory access server, and 

an attribute rule enforcer, said attribute rule enforcer comprising: 

a rule validator and a transaction monitor, the rule validator and transaction monitor 
being interposed between a client computer and a directory access server; 

the transaction monitor being capable of intercepting a call from a client computer to a 
directory access server, diverting the intercepted call to the rule validator if the call includes one 
of a request to add data to a directory associated with the directory access server, a request to 
modify data in the directory, and a request to delete data from the directory, and being further 
capable of forwarding the intercepted call to the directory access server if the call does not 
include one of a request to add data to the directory, a request to modify data in the directory, 
and a request to delete data from the directory; and 

the rule validator being capable of determining whether an attribute of the call complies 
with a first rule governing content of data that is permissible to be forwarded to the directory 
access server and a second rule governing structure of data that is permissible to be forwarded to 
the directory access server, the first and second rules including a data addition rule when the call 
includes a request to add data to the directory, the first and second rules including a data 
modification rule when the call includes a request to modify data in the directory, and the first 
and second rules including a data deletion rule when the call includes a request to delete data 
from the directory; 

the rule validator being further capable of forwarding the call to the directory access 
server if the attribute complies with one of the first rule and the second rule and being further 
capable of rejecting the call to the directory access server and returning an error message to a 
source of the call if the attribute does not comply with the first rule and the second rule; 

the attribute rule enforcer being arranged in the directory network so as to intercept calls 
from the one or more client computers to the directory access server, said attribute rule enforcer 
being interposed between the one or more client computers and the directory access server. 

26. (Cancelled). 